Systematic decision-making: How a security services team uses AI to win the race against hackers

KPMG’s Managed Security Services team partnered with NovaceneAI to improve efficiencies and achieve a consistent and systematic process.

René Bouchard, vice-president of Managed Security Services at KPMG, asked himself many questions when it came to the future of security: How can his team sustainably manage the ever-growing number of security alerts? What can be done to reduce the human mistakes that arise from analyzing large amounts of data? How can these two things be achieved while also foreseeing future risks that are unknown today?

That’s when he began to ponder how AI can create efficiencies for cyber security teams. Like his peers, Bouchard stays up to date with the latest uses of AI to improve IT processes. He understands that AI can be trained to learn from past expert decisions and suggest a way forward. While he knows the importance of AI in his field, he wanted to know if he could take it a step further: if the AI could learn the thinking process that his team of analysts follows when assessing security alerts, he could instantly add capacity to help the team manage a larger number of threats while making the process more consistent and systematic.

To put this theory into practice, Bouchard turned to NovaceneAI. Together, they kick-started the development of a proof-of-concept (PoC) – which was intended to answer whether the existing data was enough to model the analysts’ decision-making process, and whether such a model could yield predictions with enough confidence. NovaceneAI data scientists worked closely with KPMG analysts to understand the relevance of the data points they observed during their analysis process. The interdisciplinary collaboration enabled the experts, on both sides, to gain the kind of understanding of each other’s disciplines that is necessary to the development of an effective solution.

Arms race

When a new cyberattack method emerges, traditional rules-based systems are not able to catch it until it’s too late – mainly because these systems rely on pre-programmed rules that can only detect known methods.

“Attackers are constantly evolving their techniques and analysts are playing catch up,” Bouchard says. “It’s impossible to mitigate all of the possible attacks, especially the less understood ones, without the kind of predictive solution that NovaceneAI provides.”

NovaceneAI’s solution, Bouchard believes, will improve his team’s chances to predict future incidents and allow them to react before irreparable damage takes hold.

Ongoing learning and self-improvement

A key component of the solution is a machine learning (ML) strategy designed to improve the accuracy of predictions over time. Marcelo Bursztein, founder and CEO of NovaceneAI, says he sees an opportunity to leverage the role that analysts will play in the overall system.

“The solution involves a feedback loop that takes the corrections that analysts make to the AI predictions, and uses them as training signals to continually improve the models,” explains Bursztein. “This human-in-the-loop approach not only ensures that key security decisions are duly supervised, but also enables the ongoing improvement of the overall system. The more analysts use the system, the smarter it gets.”

AI-boosted scalability

The number of security alerts is increasing rapidly, and will continue to increase even faster. To keep pace, adding skilled analysts to deal with the incoming flow is essential. But this type of approach is unsustainable: the advent of technologies has simplified the creation of new attacks and increased the speed with which these attacks spread.

“Skilled security analysts are scarce and in high demand,” Bouchard says. “It’s only a matter of time until we are simply unable to meet demand while meeting the quality standards that our clients expect from us.”

“This type of human and machine collaboration is a persistent theme with AI-driven automation use cases,” says Bursztein. “Our customers approach us for solutions that free up their analysts from routine work so they can focus on tasks that require human ingenuity,” he says. “It’s a shame to see organizations’ most highly skilled resources spend time on tasks that are transactional and should be automated.”

Why NovaceneAI

Bouchard chose NovaceneAI over large vendors or custom solution developers for one important reason: it was the company that brought the best of both worlds. 

“Often vendors come to the table with solutions that require long implementation lead times and a large commitment of resources on our end,” he explains. “Niche developers, on the other hand, build solutions that later we inherit and need to maintain.”

NovaceneAI enabled KPMG to leverage the company’s existing AI platform to quickly integrate smart data enrichments into analysts’ playbooks. Jonathan Boucher, director of managed services at KPMG, noted the advantages of working with a company that can provide both a product and support services.

“NovaceneAI provides a hybrid solution that marries its platform with a professional services component,” Boucher says. “This type of blended model helps us bypass the effort needed to develop a full custom solution, while providing a mechanism to adapt the existing platform to work for us.”

Following a successful PoC phase, KPMG has continued to engage NovaceneAI’s support in evolving the model and extending the solution to handle other use cases in their portfolio.